Subject: Re: LDAP NSS for NetBSD
To: Love <lha@stacken.kth.se>
From: James Chacon <jmc@NetBSD.org>
List: tech-userlevel
Date: 02/22/2005 10:20:58
On Tue, Feb 22, 2005 at 04:32:55PM +0100, Love wrote:
> 
> James Chacon <jmc@NetBSD.org> writes:
> 
> >> I think something like nscd/winbind/lookupd is needed here. The overhead of
> >> TLS connections is too much for the LDAP server, it's hard to do TLS
> >> connection reuse, there's nowhere to save the session data.
> >> 
> >> Sorry for introducing requirements, but experience work showed using a
> >> couple 100's clients with no tls caching made the ldap servers real
> >> unhappy.
> >
> > What kind of ldap servers? We use ldap+tls here w. > 100 clients and a
> > couple of those are extremely busy (think imap logins for 30,000+ users).
> > The LDAP servers keep up fine with that.
> 
> OpenLDAP, it was now 2-3 years ago. It was a combination of storing TLS
> connections and TCP connections, the thing that killed the LDAP server for
> real was that the (linux) LDAP server ran out of bits in the select bitmap.

Ok, so that's just a scaling problem. If you can only support N simultaneous
connections and N^2 try to connect, then yes, you'll have problems, but that's
a problem for any type of mis-designed installation.

James